United States customs says traveller images exposed in cyber attack


US Customs and Border Protection (CBP) has disclosed that hackers breached a subcontractor's systems and stole photographs the agency had taken of travelers and vehicle license plates at border crossings. The agency, which is responsible for enforcing border security and customs, says its network was not the target of the attack.

"The subcontractor's network was subsequently compromised by a malicious cyber-attack.No CBP systems were compromised", the agency said in a statement on Monday.

It was not clear how many of those affected were USA citizens or foreigners.

The breach first came to light on May 31.

Citing an unnamed government official, The New York Times said the subcontractor whose network was breached was indeed Perceptics.

It's not immediately clear if the two incidents are connected, although the CBP went on to confirm none of the image data has been identified on the Dark Web or internet. It's not certain if that info is associated with the CBP's breach.

CBP said the compromised trove of images includes "fewer than 100,000 people".

The agency maintains a database including passport and visa photos that is used at airports as part of an agency facial-recognition program.

"This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices", Singh Guliani added. Unfortunately, this is the second major privacy breach at DHS this year.

The website reported that the maker of vehicle license plate readers used extensively by the USA government and by cities to identify and track citizens and immigrants had been hacked.

The Washington Post reports the information included photos of peoples' faces and their license plates.

The attackers struck by targeting a third-party subcontractor, which had been storing the sensitive files over its own network. Jim Jordan and Mark Meadows openly expressed their concerns about the push for facial recognition software, with Meadows suggesting a pause on the tech's implementation "until we make sure that isn't not violating our Fourth Amendment rights and civil liberties".

Perceptics, the Tennessee-based imaging software company, confirmed it was aware of the hack in an email to the Register.

Civil liberties groups including the ACLU and the Electronic Frontier Foundation have expressed alarm at the general lack of regulation of licence plate-reading cameras and burgeoning databases maintained by government agencies including CBP, Immigration and Customs Enforcement and the Federal Bureau of Investigation.

CBP processes more than one million passengers and pedestrians crossing USA borders each day.

Hearings on biometrics are scheduled for next month in the House of Representatives, according to House Homeland Security chair Bennie Thompson (D-MS).

"Government use of biometric and personal identifiable information can be valuable tools only if utilized properly".

Photos of holidaymakers visiting the USA have been stolen in a cyber attack, the American border force has said.